Internet Security/network safety/Zittrain: In an effort to satisfy the desire for safety without full lockdown, PCs could be designed to pretend to be more than one machine, capable of cycling from one split personality to the next. In its simplest implementation, we could divide a PC into two virtual machines: “Red” and “Green.” (1) The Green PC would house reliable software and important data—a stable, mature OS platform and tax returns, term papers, and business documents. The Red PC would have everything else. In this setup, nothing that happens on one PC could easily affect the other, and the Red PC could have a simple reset button that sends it back to a predetermined safe state. Someone could confidently store important data on the Green PC and still use the Red PC for experimentation. Knowing which virtual PC to use would be akin to knowing when a sport utility vehicle should be placed into four-wheel drive mode instead of two-wheel drive, a decision that mainstream users could learn to make responsibly and knowledgeably. A technology that splits the difference between lockdown and openness means that intermediaries could afford to give their end users more flexibility—which is to say, more opportunity to run others’ code.
We want our e-mail programs to have access to any document on our hard drive, so that we can attach it to an e-mail (…) requires the ability to cross the boundaries from one application to another, or one virtual PC to another. For similar reasons, we may be hesitant to adopt complex access control and privilege lists to designate what software can and cannot do. (2)
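The e-mail attachment case is the standard motivating example in the least-authority and capability sources cited in note 2, and the following Python sketch is added here to show that pattern concretely; it is not part of Zittrain's text nor code from any of the cited sources. The trusted ("Green") side owns the file chooser and hands the untrusted ("Red") mailer a read-only capability to exactly one file, so the mailer never receives a path and never needs ambient access to the whole disk. The names ReadOnlyFileCap, powerbox_choose and compose_mail, and the sample files, are constructed for this example. Python itself does not confine the mailer; the block shows the interface discipline, while real confinement of the Red side still depends on an OS or VM boundary of the kind the passage describes.

```python
"""Least-authority attachment flow (added illustration, not from Zittrain's text
or the sources he cites). A trusted Green-side chooser hands an untrusted
Red-side mailer a read-only capability to one file instead of ambient access
to the whole disk. ReadOnlyFileCap, powerbox_choose and compose_mail are names
invented for this example."""
import os
import tempfile
from email.message import EmailMessage


class ReadOnlyFileCap:
    """Capability to read one already-opened file. It exposes bytes and a
    display name only; deliberately no path, so the holder cannot derive
    sibling files from it."""

    def __init__(self, fd: int, display_name: str):
        self._fd = fd
        self.display_name = display_name

    def read(self) -> bytes:
        os.lseek(self._fd, 0, os.SEEK_SET)
        chunks = []
        while True:
            chunk = os.read(self._fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)

    def close(self) -> None:
        os.close(self._fd)


def powerbox_choose(user_dir: str, chosen_name: str) -> ReadOnlyFileCap:
    """Trusted (Green-side) file chooser: the user picks a file, only that
    file is opened read-only, and the open descriptor crosses the boundary
    as a capability. Anything resolving outside user_dir is refused."""
    root = os.path.realpath(user_dir)
    target = os.path.realpath(os.path.join(root, chosen_name))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{chosen_name!r} escapes the chooser's directory")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)  # O_NOFOLLOW is Unix-only
    return ReadOnlyFileCap(os.open(target, flags), os.path.basename(target))


def compose_mail(cap: ReadOnlyFileCap, to: str, subject: str, body: str) -> EmailMessage:
    """Untrusted (Red-side) mailer: it sees only the capability, never a path
    and never the filesystem, so the only thing it can attach is what it was
    handed."""
    msg = EmailMessage()
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(cap.read(), maintype="application",
                       subtype="octet-stream", filename=cap.display_name)
    return msg


def demo() -> dict:
    """Constructed scenario: a tax return in Documents next to a private key
    one directory up. The mailer gets the tax return and nothing else."""
    with tempfile.TemporaryDirectory() as home:
        docs = os.path.join(home, "Documents")
        os.mkdir(docs)
        with open(os.path.join(docs, "tax-return.pdf"), "wb") as f:
            f.write(b"%PDF-1.4 constructed sample\n")
        with open(os.path.join(home, "id_rsa"), "wb") as f:
            f.write(b"-----BEGIN PRIVATE KEY----- constructed\n")

        cap = powerbox_choose(docs, "tax-return.pdf")
        msg = compose_mail(cap, "accountant@example.com", "Returns", "Attached.")
        cap.close()

        # A chooser request that walks out of the user's directory is refused.
        try:
            powerbox_choose(docs, "../id_rsa")
            traversal_blocked = False
        except PermissionError:
            traversal_blocked = True

        attachment = next(msg.iter_attachments())
        return {
            "attached_name": attachment.get_filename(),
            "attached_bytes": attachment.get_payload(decode=True),
            "traversal_blocked": traversal_blocked,
            "cap_exposes_path": any(a in vars(cap) for a in ("path", "_path")),
        }


if __name__ == "__main__":
    print(demo())
```

The design point is that the boundary crossing Zittrain asks for (attach any document) is satisfied by a single user-mediated grant rather than by giving the mailer a standing privilege list; the chooser is the one trusted component, and the mailer's authority is exactly the set of capabilities it has been handed.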
1. For a sketch of such a machine, see Butler Lampson, Microsoft, Powerpoint on Accountability and Freedom 17—18 (Sept. 26, 2005), http://research.microsoft.com/lampson/slides/accountabilityAndFreedomAbstract.htm.
2. See, e.g., Granma’s Rules of POLA, http://www.skyhunter.com/marcs/granmaRulesPola.html (last visited June 1, 2007) (outlining six rules for desktop security based on the Principle of Least Authority); Sudhakar Govindavajhala & Andrew W. Appel, Windows Access Control Demystified 2 (Jan. 31, 2006) (unpublished manuscript under submission), available at http://www.cs.princeton.edu/-sudhakar/papers/winval.pdf (detailing how the “fine-grained and expressive” character of Windows access control makes it difficult to evaluate the consequences of commercial access-control configurations, which leads to misconfigurations and “privilege-escalation vulnerabilities”); Introduction to Capability Based Security, http://www.skyhunter.com/marcs/capabilityIntro/index.html (last visited June 1, 2007).
Zittrain, Jonathan: The Future of the Internet--And How to Stop It, New Haven 2009